Tuesday, May 11, 2010

SMS Client Installation Issues

The SMS 2003 Advanced Client may fail to install on some systems, and the ccmsetup.log file won't be of much use, providing a generic MSI failure message.  The client.msi.log file in the CCMSetup directory contains detailed installation information that is of use in these cases.  Before I get to the specifics of this particular issue, note that using the SMSTrace tool in the toolkit will highlight lines with the words "error" and "failed" by default.  However, in the client.msi.log file there are lines near the end of the installation that contain "error" and "failed" text that would appear if you used the client installation wizard, yet an error didn't acutally occur.  This is just an FYI so the next time you're scrolling through the log file, you have an explanation for the bright red highlighted lines that don't seem to make much sense.

However, one interesting error I hit recently was a 25001 error in the client.msi.log file.  The error was as follows:

[21:00:53] Queuing object FIL:C:\WINDOWS\system32\CCM\Bits_v15_Client_Setup.exe with permissions D:

[21:00:53] @@ERR:25001

MSI (s) (30!14) [21:00:53:535]: Product: SMS Advanced Client -- Error 25001. Setup failed due to unexpected circumstances

The error code is 80070534

Error 25001. Setup failed due to unexpected circumstances

The error code is 80070534

This error appeared on a number of servers with IIS installed.  After some research, the systems appeared to be copies of an image that was not properly sysprepped.  They contained IWAM and IUSR accounts with the name of the imaged machine.  While I notified the appropriate folks about the sysprep issue, I still had to address the client installation issue.

Error 80070534 is "No mapping between account names and security IDs was done", so it appeared that this might be an issue.

According to KB 822165, the accounts get recreated if they're deleted, and you bounce the IIS Service.  After deleting the accounts and executing IISReset, the IWAM account came back, but still with the old machine name attached.

To address the situation, I created new IWAM and IUSR accounts with the proper names and a secure password.  Then, following the steps in KB 909847, I opened the command prompt, navigated to the INETPUB\ADMINSCRIPTS directory, and executed the following commands:

Adsutil.vbs set w3svc/wamusername IWAM_Computer_Name
Adsutil.vbs set w3svc/wamuserpass Password
Adsutil.vbs set w3svc/anonymoususername IUSR_Computer_Name
Adsutil.vbs set w3svc/anonymoususerpass Password

I opened the Component Services console and expanded the component services node to get to the COM+ applications.  I went to the properties of IIS Out of Process Pooled, Identity Tab, entered the new IWAM account that I'd created, and clicked OK.  I deleted the old IWAM and IUSR accounts and kicked off IISRESET from the Command Prompt.

Afterwards, the client installed correctly.

While this doesn't address the SYSPREP issue, the client did get installed and I'll let the server owner give the box a new ID.  Other issues that may have been related to this issue appeared in the application and system event logs.  I'm adding these entries to broaden the exposure of this solution through the search engines, in case they pertain:

Event Type:        Error
Event Source:    DCOM
Event Category:                None
Event ID:              10016
Date:                     xx/xx/xxxx
Time:                     11:38:22 AM
User:                     NT AUTHORITY\SYSTEM
Computer:          XXXXXXXX
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18).  This security permission can be modified using the Component Services administrative tool.

and

Event Type:        Warning
Event Source:    COM+
Event Category:                (106)
Event ID:              4434
Date:                     xx/xx/xx
Time:                     10:55:50 AM
User:                     N/A
Computer:          XXXXXX
Description:
A method call to an object in a COM+ application was rejected because the caller is not properly authorized to make this call. The COM+ application is configured to use Application and Component level access checks, and enforcement of these checks is currently enabled. The remainder of this message provides information about the component method that the caller attempted to invoke and the identity of the caller.

Destination of the rejected call:
  Application Id: {1512F761-164A-409B-A6F1-1ED00F1CD986}
  CLSID:           {1C864233-BE46-4D65-B26C-01850DC5424C}
  IID:                 {00020401-0000-0000-C000-000000000046}
  Method #:      18

  Class:       CSRBSL.cBSLPerformance
  Interface: (unknown)
  Method:   (unknown)

Caller Information:
Svc/Lvl/Imp = 10/6/2,  Identity = XXXXXX

and

Event Type:        Warning
Event Source:    Perflib
Event Category:                None
Event ID:              2003
Date:                     xx/xx/xxxx
Time:                     8:50:29 AM
User:                     N/A
Computer:          XXXXXXX
Description:
The configuration information of the performance library "C:\WINDOWS\system32\inetsrv\w3ctrs.dll" for the "W3SVC" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.

Use full links -

http://support.microsoft.com/kb/822165/

http://support.microsoft.com/kb/909847

No comments: